Closed
Bug 1464734
Opened 6 years ago
Closed 1 year ago
Obtain an EV cert for accounts.firefox.com
Categories
(Cloud Services :: Server: Firefox Accounts, enhancement)
Cloud Services
Server: Firefox Accounts
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: rfkelly, Unassigned)
Details
(Whiteboard: [fxa-waffle-ignore])
I'm spinning this out from Bug 1420779 Comment 4 and related discussions. We occasionally get reports from users who can't sign in to their Firefox Account due to TLS certificate errors, which we believe to be caused by MitM software such as antivirus or captive portals. In Bug 1420779 Comment 4 it's suggested that using an EV certificate avoid such software interfering with the connection to accounts.firefox.com, at least in some cases. In the interests of improving user experience, should we obtain an EV certificate for accounts.firefox.com IIUC the value-add of EV certificates is somewhat controversial (e.g. [1]) so I'm not suggesting we get one just because it's "more secure" in some ill-defined sense. But if we have reason to believe an EV cert would decrease interference from TLS MitM software, that seems like a solid concrete reason to invest in one. [1] https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/
|
||
Comment 1•6 years ago
|
||
I'd say let's do it and see if we can verify JC's hypothesis.
|
||
Updated•6 years ago
|
Whiteboard: [fxa-waffle-ignore]
|
|
||
Comment 2•6 years ago
|
||
Ignoring this in waffle, not actionable by devs. :jbuck let me know if we need to change the component for this
|
||
Updated•4 years ago
|
Flags: needinfo?(jrgm)
Flags: needinfo?(jbuckley)
|
|
||
Updated•1 year ago
|
Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(jrgm)
Flags: needinfo?(jbuckley)
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•